W32/DLoader.DAJD (log attached)


bru

Hello,

I am wondering about the following situation. I ran Norman Malware Cleaner, a tool I have used occasionally since cleaning an infection about a month ago. It found the following infected file:

C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Infected with W32/DLoader.DAJD)

Scanning: postscan

Number of files found: 307169

Number of archives unpacked: 7816

Number of files scanned: 307163

Number of files not scanned: 6

Number of files skipped due to exclude list: 0

Number of infected files found: 1

Number of infected files repaired/deleted: 0

Number of infections removed: 0

Searching popcaploader.dll and W32/DLoader.DAJD shows it's related to a game my wife has played, Bejeweled 2. Some AV software identifies it as malware, others don't. virustotal.com showed 40% of tested AV programs found it, including Norman.

I found this thread here, where the poster's log under files infected showed MBAM found the exact same infected file and quarantined and deleted it successfully.

http://forums.malwarebytes.org/lofiversion...php?t38702.html

My full MBAM scan (see below) did not find it. So my questions are: Why would MBAM find it for another user and not for me? Has popcaploader.dll and/or W32/DLoader.DAJD been deemed not a threat? Is it a threat that I should remove? If so how? MBAM doesn't find it, so back to Norman?

Thanks

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4494

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/28/2010 11:18:51 AM

mbam-log-2010-08-28 (11-18-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 270981

Time elapsed: 1 hour(s), 53 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

  • Staff

Hi and welcome to Malwarebytes.

PopCap isn't "malware." It's used by games as you pointed out, but it has a history of questionable activity (adware and such). If you aren't experiencing any issues then it's likely that you don't have any adware.

That topic was back in February and it's likely that the detection has been pulled due to it cleaning up its behavior. I cannot say for sure since I'm not a MBAM developer, but that's my best estimation.

Essentially, you would be getting popups if it still had adware functionality.

Does this answer your question?

> Hi and welcome to Malwarebytes.
>
> PopCap isn't "malware." It's used by games as you pointed out, but it has a history of questionable activity (adware and such). If you aren't experiencing any issues then it's likely that you don't have any adware.
>
> That topic was back in February and it's likely that the detection has been pulled due to it cleaning up its behavior. I cannot say for sure since I'm not a MBAM developer, but that's my best estimation.
>
> Essentially, you would be getting popups if it still had adware functionality.
>
> Does this answer your question?

It sure does. No popups that I have seen; I'll have my wife keep an eye out too. There definitely is a bit of conflicting info about popcaploader, but I trust MBAM, and if they aren't flagging it that's good enough for me. Thank you.

I am confused as to how W32/DLoader.DAJD fits into this. Is it part of PopCap or something separate? PopCap itself may be somewhat harmless, but is the W32/DLoader.DAJD something to be concerned about? There are many different "infections" associated with popcaploader.dll listed on sites such as virustotal (e.g. W32/Downldr2.RVE, Trj/Downloader.MDW). When do you know if it's something really bad?

  • Staff
> When do you know if it's something really bad.

If you are unsure please feel free to ask us here in the forum.

"Downloaded.DAJD" is just their naming convention. Most antivirus vendors name their targets differently, so it appears as though all of them are detecting a "different" infection, when in actuality it's just how they name it. If it were truly a "downloader" it would have downloaded other files to your computer and you would most likely be experiencing symptoms of infection (popups, etc.)...

  • 5 weeks later...
  • Staff

Glad we could help. :(

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.